Wireguard client doesn't work on GL-MT2500A

Hi,

I’m using 2 GL-MT2500A routers: the first one is my wireguard server and the second one is my wireguard client. Everything worked fine for a month. 3 days ago the wireguard client stopped connecting and shows this error:

Sat Dec 24 19:43:12 2022 daemon.notice netifd: Interface ‘wgclient’ is setting up now
Sat Dec 24 19:43:12 2022 daemon.err tailscaled[6499]: 2022/12/24 18:43:12 LinkChange: major, rebinding. New state: interfaces.State{defaultRoute=eth0 ifs={br-lan:[192.168.8.1/24] eth0:[10.0.3.150/24] wgclient:down} v4=true v6=false}
Sat Dec 24 19:43:12 2022 daemon.err tailscaled[6499]: 2022/12/24 18:43:12 LinkChange: major, rebinding. New state: interfaces.State{defaultRoute=eth0 ifs={br-lan:[192.168.8.1/24] eth0:[10.0.3.150/24] wgclient:[172.16.0.2/24]} v4=true v6=false}
Sat Dec 24 19:43:17 2022 user.notice wireguard-debug: USER=root ifname=wgclient ACTION=REKEY-TIMEOUT SHLVL=1 HOME=/ HOTPLUG_TYPE=wireguard LOGNAME=root DEVICENAME= TERM=linux SUBSYSTEM=wireguard PATH=/usr/sbin:/usr/bin:/sbin:/bin PWD=/
Sat Dec 24 19:43:23 2022 user.notice wireguard-debug: USER=root ifname=wgclient ACTION=REKEY-TIMEOUT SHLVL=1 HOME=/ HOTPLUG_TYPE=wireguard LOGNAME=root DEVICENAME= TERM=linux SUBSYSTEM=wireguard PATH=/usr/sbin:/usr/bin:/sbin:/bin PWD=/
Sat Dec 24 19:43:28 2022 user.notice wireguard-debug: USER=root ifname=wgclient ACTION=REKEY-TIMEOUT SHLVL=1 HOME=/ HOTPLUG_TYPE=wireguard LOGNAME=root DEVICENAME= TERM=linux SUBSYSTEM=wireguard PATH=/usr/sbin:/usr/bin:/sbin:/bin PWD=/
Sat Dec 24 19:43:33 2022 user.notice wireguard-debug: USER=root ifname=wgclient ACTION=REKEY-TIMEOUT SHLVL=1 HOME=/ HOTPLUG_TYPE=wireguard LOGNAME=root DEVICENAME= TERM=linux SUBSYSTEM=wireguard PATH=/usr/sbin:/usr/bin:/sbin:/bin PWD=/
Sat Dec 24 19:43:38 2022 user.notice wireguard-debug: USER=root ifname=wgclient ACTION=REKEY-TIMEOUT SHLVL=1 HOME=/ HOTPLUG_TYPE=wireguard LOGNAME=root DEVICENAME= TERM=linux SUBSYSTEM=wireguard PATH=/usr/sbin:/usr/bin:/sbin:/bin PWD=/
Sat Dec 24 19:43:44 2022 user.notice wireguard-debug: USER=root ifname=wgclient ACTION=REKEY-TIMEOUT SHLVL=1 HOME=/ HOTPLUG_TYPE=wireguard LOGNAME=root DEVICENAME= TERM=linux SUBSYSTEM=wireguard PATH=/usr/sbin:/usr/bin:/sbin:/bin PWD=/

The firmware version on the wireguard server side is 4.1.1 and I was using the same firmware on the client side. I tried upgrading the firmware on the client side to version 4.2.0 but it didn’t solve the issue.

This is the wireguard configuration:

[Interface]
Address = 172.16.0.2/24
ListenPort = 53990
PrivateKey = PRIVATE_KEY
DNS = 64.6.64.6
MTU = 1420

[Peer]
AllowedIPs = 0.0.0.0/0,::/0
Endpoint = ******.glddns.com:51820
PersistentKeepalive = 25
PublicKey = PUBLIC_KEY

Can anyone help me?

Wg port 51820 is not reachable for some reason; we need to do some network diagnostics. I just sent you a private message.

Hi hansome,

the wg server was shut down but is now powered on again.

Hi Giuseppe, is it able to connect to the wg server after power on?

No, there is always the same error.

Mon Dec 26 17:42:02 2022 daemon.notice netifd: Interface ‘wgclient’ is setting up now
Mon Dec 26 17:42:02 2022 daemon.err tailscaled[6499]: 2022/12/26 16:42:02 LinkChange: major, rebinding. New state: interfaces.State{defaultRoute=eth0 ifs={br-lan:[192.168.8.1/24] eth0:[10.0.3.150/24] wgclient:down} v4=true v6=false}
Mon Dec 26 17:42:02 2022 daemon.err tailscaled[6499]: 2022/12/26 16:42:02 LinkChange: major, rebinding. New state: interfaces.State{defaultRoute=eth0 ifs={br-lan:[192.168.8.1/24] eth0:[10.0.3.150/24] wgclient:[172.16.0.2/24]} v4=true v6=false}
Mon Dec 26 17:42:07 2022 user.notice wireguard-debug: USER=root ifname=wgclient ACTION=REKEY-TIMEOUT SHLVL=1 HOME=/ HOTPLUG_TYPE=wireguard LOGNAME=root DEVICENAME= TERM=linux SUBSYSTEM=wireguard PATH=/usr/sbin:/usr/bin:/sbin:/bin PWD=/
Mon Dec 26 17:42:13 2022 user.notice wireguard-debug: USER=root ifname=wgclient ACTION=REKEY-TIMEOUT SHLVL=1 HOME=/ HOTPLUG_TYPE=wireguard LOGNAME=root DEVICENAME= TERM=linux SUBSYSTEM=wireguard PATH=/usr/sbin:/usr/bin:/sbin:/bin PWD=/

I also rebooted the modem in the wg server location.

Did Tailscale affect Wireguard?

Sorry, I forgot to sync the status of this issue, @alzhao @yuxin.zou
After remote debugging with giuseppefior3, we found that the gateway port forwarding on the wg server side is not working for UDP. We verified this by setting up a port forward from 51888 to port 53 and doing a DNS lookup like:

dig google.com @xxxx.glddns.com  -p 51888

giuseppefior3 said in his last email:

I found the source of the problem. The ISP blocked incoming UDP traffic on the modem.

I changed the Internet gateway on the wg server GL-MT2500 and now I can establish the VPN from the wg client.

I’ll try to contact my ISP customer care to solve this issue.

Please inform us if there are any updates, thank you @giuseppefior3
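
Added example, not part of the original thread and not GL.iNet code: the repeated `ACTION=REKEY-TIMEOUT` hotplug lines in the logs above, spaced about 5 seconds apart, are consistent with a client that keeps retrying the handshake and never gets a reply, which matched the blocked UDP path found here. The sketch below counts consecutive timeouts per interface; the sample lines are constructed in the posted format, and the function name, the threshold of 3, the `wgother` interface and the `OTHER-EVENT` action are assumptions.

```shell
#!/bin/sh
# Constructed sample lines in the format posted in this thread (env vars trimmed).
# wgother and ACTION=OTHER-EVENT are hypothetical, used only to show a streak reset.
SAMPLE_LOG='Sat Dec 24 19:43:17 2022 user.notice wireguard-debug: USER=root ifname=wgclient ACTION=REKEY-TIMEOUT SHLVL=1
Sat Dec 24 19:43:23 2022 user.notice wireguard-debug: USER=root ifname=wgclient ACTION=REKEY-TIMEOUT SHLVL=1
Sat Dec 24 19:43:28 2022 user.notice wireguard-debug: USER=root ifname=wgclient ACTION=REKEY-TIMEOUT SHLVL=1
Sat Dec 24 19:43:33 2022 user.notice wireguard-debug: USER=root ifname=wgclient ACTION=REKEY-TIMEOUT SHLVL=1
Sat Dec 24 19:43:38 2022 user.notice wireguard-debug: USER=root ifname=wgclient ACTION=REKEY-TIMEOUT SHLVL=1
Sat Dec 24 19:43:44 2022 user.notice wireguard-debug: USER=root ifname=wgclient ACTION=REKEY-TIMEOUT SHLVL=1
Sat Dec 24 19:50:00 2022 user.notice wireguard-debug: USER=root ifname=wgother ACTION=REKEY-TIMEOUT SHLVL=1
Sat Dec 24 19:50:05 2022 user.notice wireguard-debug: USER=root ifname=wgother ACTION=OTHER-EVENT SHLVL=1'

# wg_rekey_report [limit]: read syslog lines on stdin and print, per interface,
# the longest run of consecutive REKEY-TIMEOUT events and how long it lasted.
# A run of at least <limit> (default 3) is flagged NO-HANDSHAKE.
# Assumption: a run does not cross midnight (only HH:MM:SS is used).
wg_rekey_report() {
  awk -v limit="${1:-3}" '
  /wireguard-debug:/ {
    ifn = ""; act = ""
    for (i = 1; i <= NF; i++) {
      if ($i ~ /^ifname=/) ifn = substr($i, 8)
      if ($i ~ /^ACTION=/) act = substr($i, 8)
    }
    if (ifn == "") next
    seen[ifn] = 1
    # Any other hotplug action ends the current run of timeouts.
    if (act != "REKEY-TIMEOUT") { run[ifn] = 0; next }
    split($4, t, ":"); now = t[1] * 3600 + t[2] * 60 + t[3]
    if (run[ifn] == 0) start[ifn] = now
    run[ifn]++
    if (run[ifn] > best[ifn]) { best[ifn] = run[ifn]; span[ifn] = now - start[ifn] }
  }
  END {
    for (n in seen)
      printf "%s streak=%d span=%ds %s\n", n, best[n], span[n],
             (best[n] >= limit ? "NO-HANDSHAKE" : "ok")
  }'
}

# Stand-alone run on the constructed sample; on the router: logread | wg_rekey_report
printf '%s\n' "$SAMPLE_LOG" | wg_rekey_report 3
```

A `NO-HANDSHAKE` verdict says only that no handshake completed; whether UDP reaches the server's listen port still has to be checked from outside, as was done in this thread with the port forward and `dig`.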

How can I get remote help from someone?

Best to start a new thread for yourself and include details. Refer to this post for recommendations for quicker help: